Table of Contents

    15 June 2017, Volume 3 Issue 6
    Digital Authentication Connecting the Trusted World
    2017, 3(6):  482-493. 
    Quantum Key Digital Certificate System and Its Application
    2017, 3(6):  494-500. 
    The security of classical network communication is mostly based on computational security, which is non-unconditional. The emergence of quantum key distribution (QKD) networks based on physical security changes this situation. By means of quantum keys generated by a quantum key distribution network, classical network data communication can achieve unconditional security. At present, the most effective information system authentication method is identity authentication based on PKI (public key infrastructure). Its security depends on the security of public key encryption. The security of public key encryption is based on the complexity of large number decomposition. Based on the quantum cryptography network, a quantum key digital certificate system can be constructed by means of a trusted center, and a quantum key infrastructure (QKI) with quantum authentication mechanism (QCA) is established. Quantum key digital certificate in the identification and digital signature of the specific application methods.
    Analysis of the Application of Cryptographic Algorithms in Eduroam
    2017, 3(6):  501-509. 
    Eduroam, i.e. education roaming, provides a secure global wireless access roaming service for research institutions and schools. Members of the Eduroam alliance can access the WLAN of other organizations within the alliance using the account from their own institution, as users are authenticated by the authentication servers of their own institutions. The authentication process in Eduroam covers the following: the establishment of communication connections between two directly communicating entities, how communication protocols support the authentication protocol, the trust fabric Eduroam chooses to transmit packets between mobile devices and authentication servers, and the mutual authentication through which authentication servers and mobile devices authenticate each other. Cryptographic algorithms are used for various purposes, such as protecting authentication credentials from disclosure and helping proxy servers establish trust relationships. However, all of these cryptographic algorithms are international standards, which may bring potential security compromises that we don't know of. Replacing international cryptographic algorithms with national cryptographic algorithms can strengthen the security of the authentication process to a certain degree. And such replacement will not influence the authentication system at all. Although we can't change the cryptographic algorithms supported by servers and access points outside our state, we can require domestic mobile devices and servers to support national cryptographic algorithms. That still makes sense, especially in protecting authentication credentials.
    Fine-Grained Access Control and Audit Management in Big Data Environment
    2017, 3(6):  509-516. 
    Big data technology is getting more and more attention and is used more and more widely. It has also led to concerns about the security of big data. Among all the security issues, this paper focuses on the problem of fine-grained access control and audit management in the context of big data. Starting from the 4V characteristics and distributed application of big data, this paper analyzes why previous access control methods couldn't adapt to the security requirements of big data, and proposes based-on-behavior whole-process fine-grained access control and audit management solutions under the circumstances of big data, utilizing the 4A and security agent technology, as well as the ABAC access control mechanism. The combination of inside and outside, realized in the big data environment, based on the behavior of the whole process management of fine-grained access control and auditing of the solution.
    Research of Electronic Invoice System Based on Block Chain
    2017, 3(6):  516-522. 
    The largescale application of electronic invoices has promoted the development of economy and society, but there are also some problems, such as repeated reimbursement of electronic invoices and so on. The practical problems can be effectively solved by the application of block chain technology in electronic invoices, then the four characteristicsthat of sharing, of right confirmation, of authenticity, and of trust of electronic invoice data are provided. The application situation of the electronic invoice is introduced, the block chain technology is expounded, and the key technical problems of the application of the block chain in the electronic invoice are described. Finally, the electronic invoice system based on block chain is designed and researched.
    A PrivacyPreserving Data Aggregation Algorithm in Wireless Sensor Networks
    2017, 3(6):  523-528. 
    With the practical application of wireless sensor networks, the data aggregation technique has become one of the most important research areas. However, wireless sensor networks are often deployed in remote and hostile environments to transmit sensitive information, in which sensor nodes are apt to encounter serious leakage of sensitive data during data aggregation. Hence, privacy preservation is becoming an increasingly important issue in secure data aggregation for wireless sensor networks. Therefore, the algorithms of privacy security, which are based on data aggregation in wireless sensor networks, are studied. Meanwhile, the privacy-preserving data aggregation models are researched. At present, two main privacy-preserving methods are studied: the hop-by-hop encryption method and the end-to-end encryption method. In the hop-by-hop encryption method, the SMART (slice-mixed aggregation) algorithm is representative. However, this algorithm destroys the raw data of each sensor node, so the fusion center cannot restore the raw data of each sensor node. In the end-to-end encryption method, ECC (elliptic curve cryptography) based homomorphic encryption algorithms are able to restore the fusion data to some extent. Therefore, a novel privacy-preserving data aggregation algorithm (ECC-SMART) is proposed, which combines the ECC algorithm and the SMART algorithm. The proposed algorithm can restore the sliced data in the fusion center, and enhance the security of wireless sensor networks.
    Application of Trusted Third Party Authentication in Smart Home
    2017, 3(6):  528-532. 
    Smart Home products are easily hijacked under remote control and easily invaded under local control, which causes many other security risks. Making use of trusted third-party authentication technology in Smart Home products establishes trust relationships among Smart Home products, users' mobile devices and the service platform, that is, the trusted cloud platform. Third-party mutual trust is based on mature PKI technology, with asymmetric algorithms as the core technology, to ensure that Smart Home products only execute user instructions which are authenticated by the trusted cloud platform. The deployment of Smart Home products is divided into the overall home product and the intelligent single product; in the use of local control and remote control, different situations require trusted third-party authentication to ensure product security. In order to reduce the cost while adding a trusted third-party authentication mechanism, the protocol transformation on the basis of the MQTT protocol is also the best practice for the rapid application of the authentication technology to the smart home industry.
    Research on the Development Trend of Identity Authentication Technology Based on Face Biometrics
    2017, 3(6):  533-537. 
    Research on SSL/TLS Protocol Configuration Security Assessment Model Based on Fuzzy Comprehensive Analysis
    2017, 3(6):  538-547. 
    The SSLTLS protocol is a standard for encrypted network communication. However, due to the complexity of the SSLTLS protocol, Web sites are prone to various security vulnerabilities when implementing and deploying SSLTLS protocols. We feel that there is surprisingly little attention paid to how SSL is configured, given its widespread usage in the Web sites. Based on the detailed analysis of the characteristics and influencing factors of Web sites security assessment, this paper puts forward a new definition of Web sites security level, and combined the analytical hierarchy process (AHP) with fuzzy comprehensive analysis method to construct a Web site security assessment model based on AHPfuzzy comprehensive analysis. Then we apply the model to the actual sites evaluation. By contrast to the evaluation results of Qualys SSL Labs and HighTech, we found that this model can better solve the following issues in the existing evaluation system: security level is not clear, ignoring the 3DES insecure cipher suites and critical expansion OCSP Stapling and so on, so as to better illustrate the validity and accuracy of the model.
    Research and Design of E-Government Authentication Service System Interconnection Platform
    2017, 3(6):  548-553. 
    At present, Chinas egovernment network has the problems of poor connectivity and low sharing, in order to strengthen the interconnection and intercommunication in the egovernment field, this paper puts forward the idea of construction and improvement of accelerated electronic certification mutual recognition platform. It can be regarded as one of the effective paths to improve the credible network space in China. On the basis of explaining the present situation of our countrys electronic certification service industry, and combining the basic situation of our country, the construction form and method of electronic certification mutual recognition platform are studied and analyzed, to improve the quality of electronic authentication services system interconnection platform.egovernment; electronic authentication; interconnection; mutual recognition platform; CA
    The Construction and Application of the Cloud Authentication Service Mode on Chinese Center for Disease Control and Prevention Information System
    2017, 3(6):  554-559. 
    This paper provides twofactor login authentication method based on digital certificate for Chinese center for disease control and prevention information system registered users, based on digital certificate, establishes a highsecurity and highly reliable identity authentication management mechanism through the establishment of cloud electronic authentication service platform. Thus it can prevent the hidden dangers of account information leakage. At the same time, it also describes how to build multi CA mutual trust mechanism. In order to solve the problem of mutual recognition of digital certificates in different CA institutions to achieve cross regional data transmission and sharing issues, support the analysis of different CA certificates, certificate file storage, certificate query verification of the unity.
    Cyber Range Based Security Analysis of DNC Protocol
    2017, 3(6):  560-567. 
    Widely available, lowcost Internet Protocol (IP) devices are now replacing specialized proprietary control protocols in Distributed Numerical Control (DNC) system, which increases the possibility of cyber security vulnerabilities and incidents. In order to analyze the security of protocol in DNC system, in this paper, a cyber range technique for building DNC system is proposed. The potential risks against DNC system are then revealed based on the security analysis on the acquired boundary protocol. Respective to the risks, the boundary protection policies are formulated at last, suggesting the protection measures taken for real manufacturing industry.
    Cybersecurity Law Starting up the New Era of Cyber Legislation in China
    2017, 3(6):  568-572. 
    The “2.0-Era” of Certification and Authentication Techniques
    2017, 3(6):  573-576. 